Fake Claude AI Website Delivers New 'Beagle' Windows Malware
A fraudulent website mimicking the legitimate **Claude AI** platform is distributing a malicious payload dubbed 'Beagle,' a previously undocumented Windows backdoor. The attackers are advertising a fake 'Claude-Pro Relay' service to lure developers into downloading the malware.

The threat actors behind this campaign are attempting to deceive users by creating a website that closely resembles the official **Claude** site, utilizing similar colors and fonts. However, cybersecurity researchers at **Sophos** have uncovered that the links on the fake site merely redirect to the homepage, exposing the ruse.
### Deceptive Download
Users who fall for the deception on "claude-pro[.]com" are presented with a prominent download button for a 505MB archive named 'Claude-Pro-windows-x64.zip'. This archive contains an MSI installer purported to be for the **Claude-Pro Relay** product.

_Source: Sophos_
According to **Sophos**, executing the binary results in the addition of three files to the Startup folder: *NOVupdate.exe*, *NOVupdate.exe.dat*, and *avk.dll*.
### PlugX Connection
The campaign was initially discovered by **Malwarebytes**, whose researchers found that the 'Pro' installer is a trojanized version of **Claude** that functions as expected but silently deploys a **PlugX** malware chain. This gives attackers remote access to the compromised system.
### Beagle Backdoor Analysis
Further analysis by **Sophos** revealed that the first-stage payload is **DonutLoader**, which fetches a relatively simple backdoor the researchers have named **Beagle**. This backdoor has a limited set of commands:
* *uninstall*: uninstalls agent
* *cmd*: executes command
* *upload*: uploads file
* *download*: downloads file
* *mkdir*: creates directory
* *rename*: renames file
* *ls*: lists directory content
* *rm*: removes directory
It's important to note that this **Beagle** backdoor is distinct from the **Beagle**/**Bagle** worm documented in 2004.
*NOVupdate.exe* is a signed updater for **G Data** security solutions. The attackers are using it to sideload the malicious *avk.dll* and the encrypted *NOVupdate.exe.dat* file.
**Sophos** points out that sideloading the AVK DLL and an encrypted file using a **G Data** signed executable has been previously linked to **PlugX** activity.
The role of the DLL is to decrypt and execute the payload inside *NOVupdate.exe.dat* in memory. This payload is the open-source in-memory injector **DonutLoader**. **Sophos** previously observed **Donut** in attacks targeting government organizations in Southeast Asia in 2024.
In this instance, **Donut** deploys the final payload, the **Beagle** backdoor, into the system memory to evade detection.
### Command and Control
The backdoor communicates with the command-and-control (C2) server at "license[.]claude-pro[.]com" using TCP over port 443 and/or UDP over port 8080. Communication is protected by a hardcoded AES key.
**Sophos** notes that the C2 is hosted at 8.217.190[.]58, an IP address that **Malwarebytes** researchers have associated with the **Alibaba-Cloud** service.
### Broader Campaign and Mitigation
Further investigation by **Sophos** uncovered additional samples related to **Beagle** submitted to **VirusTotal** between February and April. These samples used the same XOR key for decryption.
However, these samples infected machines through different attack chains, including **Microsoft Defender** binaries, AdaptixC2 shellcode, a decoy PDF, and fake update sites impersonating multiple security vendors such as **CrowdStrike**, **SentinelOne**, and **Trellix**.
While **Sophos** couldn't definitively attribute the campaign to a specific threat actor, they suggest that the same operators behind **PlugX** might be testing a new payload.
To mitigate this threat, users should always download **Claude** from the official portal and exercise caution with sponsored search results. The presence of "NOVupdate" files on a system is a strong indicator of compromise.
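The indicators reported above (the three Startup-folder files, the **G Data**-signed updater sitting next to an unsigned *avk.dll*, and the C2 address) can be checked on a Windows host with a short hunting script. This is an added example, not code from **Sophos** or **Malwarebytes**; the indicator names, address and port come from the article, while the Startup paths it enumerates and the report layout are assumptions.

```powershell
# Hunt for the Beagle/PlugX sideloading triad described in the article.
# File names and C2 address are from the report; paths and output shape are assumptions.
$Indicators = @('NOVupdate.exe', 'NOVupdate.exe.dat', 'avk.dll')
$C2Address  = '8.217.190.58'

# Current-user, all-users and every profile's Startup folder (the article says the
# three files are dropped into Startup; checking all profiles is an assumption).
$StartupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
) + (Get-ChildItem 'C:\Users' -Directory -ErrorAction SilentlyContinue |
     ForEach-Object { Join-Path $_.FullName 'AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup' })

$Findings = foreach ($dir in ($StartupDirs | Sort-Object -Unique)) {
    if (-not (Test-Path $dir)) { continue }
    foreach ($name in $Indicators) {
        $path = Join-Path $dir $name
        if (Test-Path $path) {
            $sig = Get-AuthenticodeSignature $path
            [pscustomobject]@{
                Path      = $path
                SizeBytes = (Get-Item $path).Length
                SHA256    = (Get-FileHash $path -Algorithm SHA256).Hash   # record for IR, not an article IoC
                Signed    = ($sig.Status -eq 'Valid')
                Signer    = $sig.SignerCertificate.Subject
            }
        }
    }
}

if ($Findings) {
    Write-Warning 'Startup-folder indicators found (possible Beagle/PlugX sideloading):'
    $Findings | Format-Table -AutoSize
    # The sideload pattern: a validly signed updater beside an unsigned DLL (and the encrypted .dat).
    $signedExe   = $Findings | Where-Object { $_.Path -like '*\NOVupdate.exe' -and $_.Signed }
    $unsignedDll = $Findings | Where-Object { $_.Path -like '*\avk.dll' -and -not $_.Signed }
    if ($signedExe -and $unsignedDll) {
        Write-Warning 'Signed NOVupdate.exe next to unsigned avk.dll: matches the DLL-sideloading chain.'
    }
} else {
    Write-Output 'No NOVupdate/avk.dll indicators in Startup folders.'
}

# Live TCP sessions to the reported C2 address (the UDP/8080 channel is connectionless and not covered here).
Get-NetTCPConnection -RemoteAddress $C2Address -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, RemotePort, State, OwningProcess,
        @{ n = 'Process'; e = { (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName } }
```

Run it from an elevated prompt so that other users' profiles and all process owners are readable; a hit on the signed-plus-unsigned pattern is the point to isolate the host and collect the *.dat* file for analysis.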